Automaker Toyota has revealed a cyber attack on its IT systems has resulted into leak of personal information of nearly 300,000 vehicle customers since July 2017.
The car maker in a statement said that e-mail addresses and customer management numbers of some customers who subscribe to T-Connect have been leaked.
In total, 296,019 cases were found to have been leaked. “We apologize for causing great inconvenience and concern to our customers,” Toyota said. Toyota did not reveal the name of its cyber security vendors, which is responsible for blocking such cyber attacks. Toyota also does not reveal its IT budget.
The personal information that may be leaked is the e-mail address and customer management number, and other information such as name, phone number, credit card, etc. is not affected, Toyota said.
From December 2017 to September 15, 2022, a third party was able to access part of the company’s source code on GitHub. Toyota did not reveal the name of the hacker.
“It was discovered that the published source code contained an access key to the data server, and by using it, it was possible to access the e-mail address and customer management number stored in the data server,” Toyota said.
The source code was made private on GitHub. Toyota on September 17 changed the access key for the data server, etc., and no secondary damage has been confirmed.
Toyota is sending a notification to the registered email address of any customer whose email address or customer management number may have been leaked.
Toyota said the cyber incident was caused by the inappropriate handling of the source code by the development contractor company.
“At this time, we have not confirmed any unauthorized use of personal information related to this matter, but it is possible that spam e-mails such as spoofing or phishing scams using e-mail addresses may be sent,” Toyota said.